{“lastseen”:”2026-02-02T18:30:05″,”description”:”Multiple cross site scripting vulnerabilities exist in Serendipity version 1.6.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive…”,”published”:”2026-02-02T00:00:00″,”modified”:”2026-02-02T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Serendipity 1.6.2 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:214743″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”Serendipity 1.6.2 – Cross-site Scripting\\n Advisory ID: RO-13-002\\n Severity: Medium\\n Vendor: Serendipity\\n Product: Serendipity\\n Version: 1.6.2\\n \\n \\n Overview #\\n \\n Multiple Cross-site Scripting (XSS) vulnerabilities exist in Serendipity version 1.6.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML.\\n \\n \\n Vulnerability Details #\\n \\n Affected Versions: 1.6.2 and earlier\\n \\n Root Cause: Insufficient input validation and output encoding in the admin image selector.\\n Technical Details #\\n \\n Vulnerable URLs in serendipity_admin_image_selector.php:\\n \\n \/serendipity_admin_image_selector.php?serendipity[textarea]=’%2Balert(0x000887)%2B’\\n \\n \/serendipity_admin_image_selector.php?serendipity[htmltarget]=’%2Balert(0x000A02)%2B’\\n \\n \\n \\n Exploitation Requirements #\\n \\n No authentication required\\n Victim must click a crafted link\\n \\n Impact #\\n \\n Remote attackers can exploit these vulnerabilities to:\\n \\n Steal user session cookies\\n Perform actions on behalf of users\\n Redirect users to malicious websites\\n \\n \\n \\n Solution #\\n \\n Update to a patched version of Serendipity.\\n \\n \\n References #\\n \\n Invicti Advisory NS-13-003\\n \\n Timeline:\\n \\n [2013-02-26] – First Contact\\n [2013-03-04] – Sent Details\\n [2013-07-12] – Advisory Released\\n \\n Credits: Omar Kurt”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214743″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214743\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-02T18:30:05″,”description”:”Multiple cross site scripting vulnerabilities exist in Serendipity version 1.6.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-38561","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n